CompTIA Security+ (SY0-601) — Question 682

As part of a security compliance assessment, an auditor performs automated vulnerability scans. In addition, which of the following should the auditor do to complete the assessment?

Answer options

• A. User behavior analysis
• B. Packet captures
• C. Configuration reviews
• D. Log analysis

Correct answer: C

Explanation

Configuration reviews are essential to ensure that systems are set up correctly and securely, which complements vulnerability scans by identifying potential misconfigurations. The other options, while useful in certain contexts, do not directly address the need to verify configuration settings as part of a comprehensive security assessment.